Traditional signature-based security solutions cannot defend effectively against zero-day and Advanced Persistent Threat (APT) attacks. As a result, some vendors now provide appliance-based solutions. These solutions run threats in a virtual machine inside an appliance and then analyze them in a signature-less, behavior-based way. There are, however, numerous drawbacks to a virtual-machine-based appliance. First, all threats are executed and analyzed in the appliance, which makes the appliance the performance bottleneck. Second, virtual-machine-based analysis can be bypassed easily by virtual machine detection, and malware may behave differently when running in a virtual machine than on a physical machine. Third, users have to wait until analysis completes before they can actually use these executable files on their client systems. Fourth, some threats may infect a system after a delay, even after several hours; a virtual-machine-based appliance cannot detect the threats in this case. Additionally, when an analyzer fails to detect a threat, the threat will compromise the client system directly.
There is a need, therefore, to overcome these and other drawbacks so that threats may be eliminated and executable files delivered in an effective manner that protects networks and their endpoints.